How to check the names of remote access users that have sent traffic through the Security Gateway in the last 15 minutes
To see the username of each "connected" remote access user (in the last 15 minutes), run this command (in Expert mode) on VPN Security Gateway:
[Expert@HostName]# fw tab -t userc_rules -f
The following three kernel tables on Security Gateway hold the remote access users' connection information:
- userc_users - This table holds remote access client's IP address. All connections from this IP address are expected to be encrypted.
- userc_rules - This table holds a list of rules that are relevant for remote access client and a list of IP addresses and sessions key (for optimization). Client encrypt rules check this table to see if the connection belongs to remote access clients. This table is accessed in order to verify that incoming packets from a remote access client are allowed. The entries in this table are based on the remote access client's internal (encapsulated) IP address, which may be different from the source IP address, if the remote access client is behind NAT.
- userc_key - This table is a map between remote access IP address and the cryptographic aspect of the connection. This table maps the scheme (FWZ or ISAKMP), the client user name and the user DN, the last time the client was authenticated, whether subnets are used with this client, IKE authentication methods.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported and it will not be updated